

# User connections to WorkSpaces Pools

Users can connect to WorkSpaces in WorkSpaces Pools through the default public internet endpoint. 

By default, WorkSpaces Pools is configured to route streaming connections over the public internet. Internet connectivity is required to authenticate users and deliver the web assets that WorkSpaces Pools requires to function. To allow this traffic, you must allow the domains listed in [Allowed Domains](allowed-domains.md).

**Note**  
For user authentication, WorkSpaces Pools supports Security Assertion Markup Language 2.0 (SAML 2.0). For more information, see [Configure SAML 2.0 and create a WorkSpaces Pools directory](create-directory-pools.md).

The following topics provide information about how to enable user connections to WorkSpaces Pools.

**Topics**
+ [Bandwidth Recommendations](bandwidth-recommendations-user-connections.md)
+ [IP Address and Port Requirements for WorkSpaces Pools User Devices](pools-client-application-ports.md)
+ [Allowed Domains](allowed-domains.md)

# Bandwidth Recommendations


To optimize the performance of WorkSpaces Pools, make sure that your network bandwidth and latency can sustain your users' needs. 

WorkSpaces Pools uses NICE Desktop Cloud Visualization (DCV) to enable your users to securely access and stream your applications over varying network conditions. To help reduce bandwidth consumption, NICE DCV uses H.264-based video compression and encoding. During streaming sessions, the visual output of applications is compressed and streamed to your users as an AES-256 encrypted pixel stream over HTTPS. After the stream is received, it is decrypted and output to your users’ local screen. When your users interact with their streaming applications, the NICE DCV protocol captures their input and sends it back to their streaming applications over HTTPS. 

Network conditions are constantly measured during this process and information is sent back to WorkSpaces Pools. WorkSpaces Pools dynamically responds to changing network conditions by changing the video and audio encoding in real time to produce a high-quality stream for a wide variety of applications and network conditions.

The recommended bandwidth and latency for WorkSpaces Pools streaming sessions depends on the workload. For example, a user who works with graphic-intensive applications to perform computer-aided design tasks will require more bandwidth and lower latency than a user who works with business productivity applications to write documents. 

The following table provides guidance on the recommended network bandwidth and latency for WorkSpaces Pools streaming sessions based on common workloads.

For each workload, the bandwidth recommendation is based on what an individual user might require at a specific point in time. The recommendation does not reflect the bandwidth required for sustained throughput. When only a few pixels change on the screen during a streaming session, the sustained throughput is much lower. Although users who have less bandwidth available can still stream their applications, the frame rate or image quality may not be optimal.


| Workload | Description | Bandwidth recommended per user | Recommended maximum roundtrip latency | 
| --- | --- | --- | --- | 
| Line of business applications | Document writing applications, database analysis utilities | 2 Mbps | < 150 ms | 
| Graphics applications | Computer-aided design and modeling applications, photo and video editing | 5 Mbps | < 100 ms | 
| High fidelity | High-fidelity datasets or maps across multiple monitors | 10 Mbps | < 50 ms | 

# IP Address and Port Requirements for WorkSpaces Pools User Devices

WorkSpaces Pools users' devices require outbound access on port 443 (TCP) and port 4195 (UDP) when using the internet endpoints. If you are using DNS servers for domain name resolution, they also require outbound access on port 53 (UDP).
+ Port 443 is used for HTTPS communication between WorkSpaces Pools users' devices and WorkSpaces when using the internet endpoints. Typically, when end users browse the web during streaming sessions, the web browser randomly selects a source port in the high range for streaming traffic. You must ensure that return traffic to this port is allowed.
+ Port 4195 is used for UDP HTTPS communication between WorkSpaces Pools users' devices and WorkSpaces when using the internet endpoints. This is currently only supported in the Windows native client. UDP is not supported if you are using VPC endpoints.
+ Port 53 is used for communication between WorkSpaces Pools users' devices and your DNS servers. The port must be open to the IP addresses for your DNS servers so that public domain names can be resolved. This port is optional if you are not using DNS servers for domain name resolution. 
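The port list above can be turned into an egress-rule audit. The following is an added example, not AWS code: the `EgressRule` model, the first-match/default-deny evaluation, and the sample rules are assumptions made for illustration. It reports required ports that the rules block, and conditional ports (UDP 4195, UDP 53) that are open even though the client profile does not need them.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class EgressRule:            # hypothetical rule model, not an AWS structure
    proto: str               # "tcp" or "udp"
    ports: range             # destination port range
    allow: bool

def required_ports(windows_native_client: bool, uses_dns_servers: bool):
    """Outbound ports this page lists for the internet endpoints."""
    req = {("tcp", 443)}                 # HTTPS, always required
    if windows_native_client:
        req.add(("udp", 4195))           # UDP streaming, Windows native client only
    if uses_dns_servers:
        req.add(("udp", 53))             # DNS resolution
    return req

def permitted(rules, proto, port):
    """Assumed semantics: first matching rule wins, default deny."""
    for rule in rules:
        if rule.proto == proto and port in rule.ports:
            return rule.allow
    return False

def audit(rules, windows_native_client, uses_dns_servers):
    """Return (missing, unneeded) lists of (proto, port) tuples."""
    required = required_ports(windows_native_client, uses_dns_servers)
    conditional = {("udp", 4195), ("udp", 53)} - required
    missing = sorted(p for p in required if not permitted(rules, *p))
    # Least-privilege hint: conditional ports open without a need for them.
    unneeded = sorted(p for p in conditional if permitted(rules, *p))
    return missing, unneeded

# Constructed sample rule set: HTTPS and DNS allowed, all other UDP denied.
SAMPLE_RULES = [
    EgressRule("tcp", range(443, 444), True),
    EgressRule("udp", range(53, 54), True),
    EgressRule("udp", range(0, 65536), False),
]

if __name__ == "__main__":
    for profile in ((True, True), (False, False)):
        missing, unneeded = audit(SAMPLE_RULES, *profile)
        print(f"native={profile[0]} dns={profile[1]} "
              f"missing={missing} unneeded={unneeded}")
```

The audit covers outbound rules only and assumes a stateful firewall that admits the return traffic to the client's ephemeral source port.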

# Allowed Domains


For WorkSpaces Pools users to access WorkSpaces, you must allow various domains on the network from which users initiate access to the WorkSpaces. For more information, see [IP address and port requirements for WorkSpaces Personal](workspaces-port-requirements.md). Although that page states that it applies to WorkSpaces Personal, it also applies to WorkSpaces Pools.

**Note**  
If your S3 bucket has a “.” character in the name, the domain used is `https://s3.<aws-region>.amazonaws.com`. If your S3 bucket does not have a “.” character in the name, the domain used is `https://<bucket-name>.s3.<aws-region>.amazonaws.com`.